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DETAILED ACTION 



The amendment received on April 22, 2004 has been entered and fully 



considered. 



Response to Amendment 



Claim Rejections - 35 USC § 103 



1 . The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-3, 5-15, and 19-25 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Abraham et al., U.S. Patent No. 5,983,270 further in view of Gleeson 
et al., U.S. Patent No. 5,627,829. 

Abraham teaches the invention as claimed including the monitoring, logging and 
blocking data packets transmitted via an intranetwork or internetwork (see abstract). 

As to claim 1 , Abraham teaches an apparatus for processing data packets, 
comprising: 

a first data processing unit adapted to filter incoming packets (col. 2, lines 31-60, 
Abraham discloses a filter engine); 
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an addressable memory unit in which a plurality of instruction sets for packet 
processing are stored (col. 2, lines 31-60; col. 7, Abraham discloses a set of rules and a 
rules and logging database); and 

a data bus connecting the addressable memory unit and the first and second 
data processing units, (col. 2, lines 31-60; col. 7, Abraham discloses a network 
connecting the units). 

Abraham fails to teach the limitation further including a second data processing 
unit adapted to process incoming packets according to one of said plurality of instruction 
sets after the filtering, based on a thread assigned to the incoming packets by the first 
data processing unit. 

However, Gleeson teaches an apparatus and methods for connecting nodes to 
wireless networks usibg standard network protocols (see abstract). Gleeson teaches 
the use of a compression routine run after filtering that is called by the transmit manager 
thread which is assigned before filtering (col. 20, lines 51-67; col. 21, lines 1-50). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham in view of Gleeson to use a second data processing unit 
adapted to process incoming packets according to one of said plurality of instruction 
sets after the filtering, based on a thread assigned to the incoming packets by the first 
data processing unit. One would be motivated to do so because it would allow for the 
packets to be processed more efficiently. 
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Regarding claim 2, Abraham teaches the apparatus of claim 1 , further comprising 
a policy condition table connected to said first data processing unit, said policy condition 
table having a plurality of rules stored therein (col. 2, lines 31-60; col. 7; col. 9, lines 43- 
65; Abraham discloses a set of rules in a database). 

Regarding claim 3, Abraham teaches the apparatus of claim 1 , further comprising 
a policy action table connected to said data bus and said addressable memory unit, 
wherein said policy action table stores at least one data processing policy (col. 2, lines 
31-60; col. 7, Abraham discloses policies collected by a database). 

Regarding claim 5, Abraham teaches the apparatus of claim 3, wherein said first 
data processing unit assigns a thread to each said incoming packet, wherein said 
thread corresponds to one of said policies stored in said policy action table (col. 2, lines 
31-60; col. 9, lines 43-65; Abraham discloses mapping information). 

Regarding claim 6, Abraham teaches the apparatus of claim 3, wherein said first 
data processing unit comprises logic for matching a first incoming packet to a stored 
first rule and for generating a first thread if the first incoming packet matches said first 
rule, said first thread identifying the location of one of said at least one data processing 
policies in said policy action table (col. 2, lines 31-60; col. 7; col. 9, lines 43-65). 
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Regarding claim 7, Abraham teaches the apparatus of claim 6, wherein said 
second data processing unit is adapted to process the first incoming packet according 
to said data processing policy corresponding to said first thread (col. 2, lines 31-60; col. 
7; col. 9, lines 43-65). 

Regarding claim 8, Abraham teaches the apparatus of claim 6 ? wherein said data 
processing policy comprises a first address pointer to a starting address of a first set of 
instructions and a second address pointer to a starting address of a state block stored in 
said addressable memory unit, said state block used by said first set of instructions for 
processing the first incoming packet (col. 5, lines 46-67; col. 6, lines 1-4; col. 7). 

Regarding claim 9, Abraham teaches the apparatus of claim 6, wherein said 
thread is assigned to said first incoming packet based on said first rule (col. 2, lines 31- 
60; col. 7; col. 9, lines 43-65). 

Regarding claim 10, Abraham teaches the apparatus of claim 6, wherein said 
first processing unit further comprises logic for matching a second incoming packet to a 
stored second rule and for generating a second thread if the second incoming packet 
matches the second rule, said second thread identifying the location of one of said at 
least one data processing policy in said policy action table (col. 2, lines 31-60; col. 7; 
col. 9, lines 43-65). 
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Regarding claim 1 1 , Abraham teaches the apparatus of claim 10, wherein said 
second data processing unit is adapted to process the second incoming packet 
according to said data processing policy corresponding to said second thread (col. 2, 
lines 31-60; col. 7; col. 9, lines 43-65). 

Regarding claim 12, Abraham teaches the apparatus of claim 10, wherein said 
second thread is assigned to said second incoming packet based on said second rule 
(col. 2, lines 31-60; col. 7; col. 9, lines 43-65). 

Regarding claim 13, Abraham teaches the apparatus of claim 3, wherein said 
first processing unit further comprises logic for matching a plurality of incoming packets 
to a stored corresponding plurality of rules and for generating a thread for each packet 
that matches one of said plurality of rules, each said thread identifying the location of 
one of said at least one data processing policy in said policy action table (col. 2, lines 
31-60; col. 7; col. 9, lines 43-65). 

Regarding claim 14, Abraham teaches the apparatus of claim 13, wherein the 
second data processing unit is adapted to process each packet according to said data 
processing policy corresponding to said thread associated with said packet (col. 2, lines 
31-60; col. 7; col. 9, lines 43-65). 
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Regarding claim 15, Abraham teaches the apparatus of claim 13, further 
comprising a memory unit connected to said first data processing unit and to said 
second data processing unit, said memory unit adapted to temporarily store packets 
before processing by said second data processing unit (col. 2, lines 31-60; col. 7; col. 9, 
lines 43-65). 

Regarding claim 19, Abraham teaches a method for processing data packets, 
comprising: 

receiving a first incoming packet (col. 9, lines 43-65, Abraham discloses inbound 
packets); and 

processing the first incoming packet according to said stored policy (col. 9, lines 
43-65, Abraham discloses the filtering of packets). 

Abraham fails to teach the limitation further including determining whether to 
admit the first incoming packet using filtering and assigning a first thread to the first 
incoming packet if said first incoming packet is admitted after the filtering, wherein said 
first thread points to a stored policy. 

However, Gleeson teaches the use of a filtering and data compression program 
which is called to determine if a data packet should be filtered out; and a receive 
manager thread assigned to a packet after filtering and that thread calling a 
decompressor routine (col. 20, lines 51-67; col. 21, lines 1-50). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham in view of Gleeson to determine whether to admit the first 
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incoming packet using filtering and assigning a first thread to the first incoming packet if 
said first incoming packet is admitted after the filtering, wherein said first thread points 
to a stored policy. One would be motivated to do so because it would allow for the 
packets to be processed more efficiently. 

Regarding claim 20, Abraham teaches the method of claim 19, wherein said 
stored policy comprises a first address pointer pointing to the location of a first set of 
instructions, and wherein said processing step utilizes said first set of instructions to 
process said first incoming packet (col. 7). 

Regarding claim 21, Abraham teaches the method of claim 20, wherein said 
stored policy further comprises a second address pointer pointing to the location of a 
state block, and wherein said processing step utilizes said state block to process the 
first incoming packet (col. 5, lines 46-67; col. 6, lines 1-4). 

Regarding claim 22, Abraham teaches the method of claim 19, further comprising 
the step of storing at least one policy in a policy action table (col. 2, lines 31-60; col. 7). 

Regarding claim 23, Abraham teaches the method of claim 22, further comprising 
the step of updating said policy action table (col. 17, lines 7-67; col. 18, lines 1-14; 
Abraham discloses adding a rule to the database). 
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Regarding claim 24, Abraham teaches the method of claim 19, wherein said 
determining step further comprises searching a policy condition table for a rule 
corresponding to the contents of the first incoming packet (col. 2, lines 31-60; col. 7; col. 
9, lines 43-65). 

Regarding claim 25, Abraham teaches the method of claim 19, further comprising 
the step of placing the first incoming packet in a processing queue after said assigning 
step and before said processing step (col. 9, lines 43-65). 

3. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Abraham 
and Gleeson further in view of Sinclair, U.S. Patent No. 6,069,827. 

Abraham teaches the invention as claimed including the monitoring, logging and 
blocking data packets transmitted via an intranetwork or internetwork (see abstract). 

As to claim 4, Abraham teaches the method of claim 3. Abraham teaches an 
addressable memory unit of one of said plurality of instruction sets (col. 7; Abraham 
discloses a rules database) and an addressable memory unit of a state block (col. 5, 
lines 46-67; col. 6, lines 1-4; Abraham discloses the system administrator having access 
to what type of services and information each user may have access to on the Internet) 

Abraham fails to teach the limitation further including the use of a first and 
second address pointer element for identifying the locations in the addressable memory 
unit. 
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However, Sinclair teaches memory systems for storing block structured data (see 
abstract). Sinclair shows evidence of the use of multiple pointers pointing to separate 
locations in a memory unit. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham in view of Sinclair to use a first and second address 
pointer element for identifying the locations in the addressable memory unit. One would 
be motivated to do so because pointers allow for efficient retrieval of data from an 
addressable memory unit. 

4. Claim 16 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Abraham and Gleeson further in view of Murakami et al., U.S. Patent No. 6,065,065. 

Abraham teaches the invention substantially as claimed including the monitoring, 
logging and blocking data packets transmitted via an intranetwork or internetwork (see 
abstract). 

As to claim 16, Abraham teaches the method of claim 1 . 

Abraham fails to teach the limitation further including the second data processing 
unit comprising a plurality of general purpose processors for executing instructions in 
parallel. 

However, Murakami teaches a parallel computer including a file system for 
storing and processing a massive volume of data (see abstract). Murakami teaches the 
invention use of a parallel computer system (col. 1, lines 50-67; col. 2, lines 1-14). 



Application/Control Number: 09/609,690 Page 1 1 

Art Unit: 2157 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham in view of Murakami to use a plurality of general purpose 
processors for executing instructions in parallel. One would be motivated to do so 
because executing instructions in parallel will allow the unit to run more processes at 
once allowing for overall faster speeds. 

5. Claim 30 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Abraham, U.S. Patent No. 5,983,270, in view of Gleeson, U.S. Patent No. 5,627,829, 
further in view of Murakami et al., U.S. Patent No. 6,065,065. 

Abraham teaches the invention as claimed including the monitoring, logging and 
blocking data packets transmitted via an intranetwork or internetwork (see abstract). 

As to claim 30, Abraham teaches an apparatus for processing data packets, 
comprising: 

a first data processing unit adapted to filter incoming packets (col. 2, lines 31-60, 
Abraham discloses a filter engine); 

an addressable memory unit in which a plurality of instruction sets for packet 
processing are stored (col. 2, lines 31-60; col. 7, Abraham discloses a set of rules and a 
rules and logging database); and 

a data bus connecting the addressable memory unit and the first and second 
data processing units (col. 2, lines 31-60; col. 7, Abraham discloses a network 
connecting the units); 
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wherein a policy condition table connected to said first data processing unit, said 
policy condition table having a plurality of rules stored therein (col. 2, lines 31-60; col. 7; 
col. 9, lines 43-65; Abraham discloses a set of rules in a database); 

wherein a policy action table connected to said data bus and said addressable 
memory unit, wherein said policy action table stores at least one data processing policy 
(col. 2, lines 31-60; col. 7, Abraham discloses policies collected by a database); 

wherein said first data processing unit comprises logic for matching a first 
incoming packet to a stored first rule and for generating a first thread if the first incoming 
packet matches said first rule, said first thread identifying the location of one of said at 
least one data processing policies in said policy action table (col. 2, lines 31-60; col. 7; 
col. 9, lines 43-65); 

wherein said second data processing unit is adapted to process the first incoming 
packet according to said data processing policy corresponding to said first thread (col. 
2, lines 31-60; col. 7; col. 9, lines 43-65); 

wherein said data processing policy comprises a first address pointer to a 
starting address of a first set of instructions and a second address pointer to a starting 
address of a state block stored in said addressable memory unit, said state block used 
by said first set of instructions for processing the first incoming packet (col. 5, lines 46- 
67; col. 6, lines 1-4; col. 7); 

wherein said first processing unit further comprises logic for matching a second 
incoming packet to a stored second rule and for generating a second thread if the 
second incoming packet matches the second rule, said second thread identifying the 
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location of one of said at least one data processing policy in said policy action table (col. 
2, lines 31-60; col. 7; col. 9, lines 43-65); 

wherein said second data processing unit is adapted to process the second 
incoming packet according to said data processing policy corresponding to said second 
thread (col. 2, lines 31-60; col. 7; col. 9, lines 43-65); 

wherein a memory unit connected to said first data processing unit and to said 
second data processing unit, said memory unit adapted to temporarily store packets 
before processing by said second data processing unit (col. 2, lines 31-60; col. 7; col. 9, 
lines 43-65); 

wherein the apparatus includes a control logic unit coupled to an input (col. 9, 
lines 43-65; Abraham discloses policies input by operators of the computers) and the 
policy condition table for feeding an arithmetic logic unit (col. 9, lines 43-65; Abraham 
discloses policies stored and processed by a rules and logging database), which is in 
turn coupled to the policy action table and the state block for generating an output (col. 
9, lines 43-65; Abraham discloses that the policies are passed to the filter executive 
where they are optimized and sent to the filter engine). 

Abraham fails to teach the limitation further including a second data processing 
unit adapted to process incoming packets according to one of said plurality of instruction 
sets after the filtering, based on a thread assigned to the incoming packets by the first 
data processing unit and wherein said second data processing unit comprises a plurality 
of general purpose processors for executing instructions in parallel. 
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However, Gleeson teaches an apparatus and methods for connecting nodes to 
wireless networks usibg standard network protocols (see abstract). Gleeson teaches 
the use of a compression routine run after filtering that is called by the transmit manager 
thread which is assigned before filtering (col. 20, lines 51-67; col. 21, lines 1-50) but 
fails to teach the second data processing unit comprising a plurality of general purpose 
processors for executing instructions in parallel. 

However, Murakami teaches a parallel computer including a file system for 
storing and processing a massive volume of data (see abstract). Murakami teaches the 
invention use of a parallel computer system (col. 1, lines 50-67; col. 2, lines 1-14). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham in view of Gleeson to use a second data processing unit 
adapted to process incoming packets according to one of said plurality of instruction 
sets after the filtering, based on a thread assigned to the incoming packets by the first 
data processing unit. One would be motivated to do so because it would allow for the 
packets to be processed more efficiently. 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham in view of Murakami to use a plurality of general purpose 
processors for executing instructions in parallel. One would be motivated to do so 
because executing instructions in parallel will allow the unit to run more processes at 
once allowing for overall faster speeds. 
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6. Claims 17 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Abraham, Gleeson, and Murakami further in view of Scales, U.S. Patent No. 
5,761,729. 

Abraham teaches the invention as claimed including the monitoring, logging and 
blocking data packets transmitted via an intranetwork or internetwork (see abstract). 

As to claim 17, Abraham teaches the method of claim 16. 

Abraham fails to teach the limitation further including at least one said general 
purpose processor comprising a complex instruction set computer processor. 

However, Scales teaches a distributed computer system including a distributed 
shared memory (see abstract). Scales shows evidence of the use of a complex 
instruction set computer processor (col. 1 , lines 63-67; col. 2, lines 1-7, 49-67; col. 3, 
lines 1-8,41-63). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham in view of Scales to use a complex instruction set 
computer processor. One would be motivated to do so because a complex instruction 
set processor can perform several low-level operations and can deal with packet 
complexity. 

As to claim 18, Abraham teaches the method of claim 16. 
Abraham fails to teach the limitation further including at least one said general 
purpose processor comprising a reduced instruction set computer processor. 
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However, Scales teaches a distributed computer system including a distributed 
shared memory (see abstract). Scales shows evidence of the use of a reduced 
instruction set computer processor (col. 1, lines 63-67; col. 2, lines 1-7, 49-67; col. 3, 
lines 1-8,41-63). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Abraham in view of Scales to use a reduced instruction set 
computer processor. One would be motivated to do so because a reduced instruction 
set processor allows for rapid execution of a sequence of simple instructions. 

Response to Arguments 

7. Applicant's arguments with respect to claims 1-25 have been considered but are 
moot in view of the new ground(s) of rejection. 



Conclusion 

8. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
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mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .1 36(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

9. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

U.S. Pat. No. 5,615,340 to Dai et al. 

U.S. Pat. No. 6,647,418 to Maria et al. 

U.S. Pat. No. 6,493,752 to Lee et al. 

U.S. Pat. No. 6,253,321 to Nikander et al. 

U.S. Pat. No. 6,262,776 to Griffits. 

U.S. Pat. No. 6,675,218 to Mahler et al. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Avi Gold whose telephone number is 703-305-8762. 
The examiner can normally be reached on M-F 8:00-5:30 (1st Friday Off). 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne can be reached on 703-308-7562. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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